Deploying all-in-one OKD 3.11 with Let's Encrypt SSL certificates

15 Jan 2019

I’ve been experimenting with OpenShift lately and in the following post I’d like to document the steps required to get an OKD 3.11 environment up and running. For those who are not familiar with the OKD abbreviation it is “The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift”. The deployment is going to be set up on a single node and configured to use Let’s Encrypt SSL certificates for the API endpoint/console and HTTPS routes.

The main purpose of this exercise is to:

get myself familiar with the openshift-ansible installer process

get an OpenShift environment connected to the Internet up and running that I can experiment with

Let’s get started.

Prerequisites

Hardware

** Get a beefy CentOS 7 VM ready. For this test I used one with 4 vCPUs, 16 GB of RAM and 50GB of storage. The specs could be lowered but you may need to disable specific checks the installer runs.

DNS configuration

** I’m going to use ‘containers.remote-lab.net’ as the domain name for this OpenShift installation. Consequently I’ve got to set up the following DNS records in my domain’s zone file to be able to reach the environment from any client. The wildcard mask entry is required for the OpenShift routes:

containers.remote-lab.net. IN A 148.251.139.92
*.containers.remote-lab.net. IN A 148.251.139.92